Spotflux is a VPN that seems promising from the outset. The service was launched in 2012 and was started by two privacy advocates that came from a strong decade-long background in infosec. Before the full launch four years ago, Spotflux ran a beta test, and in less than a year it had attracted 100,000 users from 121 countries. That is pretty good going, and certainly made my ears prick up as I came in for my up close and personal inspection of the VPN service. Spotflux also claims to be the ‘most advanced VPN in the world’, so let’s take a look the service.
Overall, Spotflux is a free or low-cost VPN service that is available for Mac, Windows, iOS and Android. It is an adequate service with some pretty cool features. Despite what it has going for it, however, Spotflux doesn’t compare to high-end VPN services. As long as you expect to get what you pay for, though, Spotflux provides a reasonable service that may well suit some people.
Pricing & Plans
Spotflux is a simple, no frills VPN service for iOS, Mac, Android and Windows. What is great is that free users are not limited by how much data they can use. As such, Spotflux is a great way to encrypt the web traffic moving in and out of your system if that is what you need it for.
Free users can only connect to a few servers situated in Australia, the UK, Frankfurt, and the East and West coasts of the US. Even though that is rather limited, for a free service it still opens up plenty of options for streaming, and guarantees access to websites like Facebook and Twitter in regions where they are blocked.
In addition to the free VPN encryption service, users are offered the possibility of an upgrade to Premium. This costs $37.99 per year for 5 simultaneous devices or $29.99 for the mobile only version.
The mobile-only option is a pretty handy inclusion for those people that only need a VPN on one device, such as a phone or tablet. If you do only need Spotflux on one mobile device, that works out to an average of two and a half dollars a month, which certainly is a very cheap VPN option. Even at $37.99, the cost of Spotflux isn’t exactly earth shattering. In fact, some might say it’s next to nothing.
Spotflux also offers a monthly plan for people that don’t want to commit for a full year. It costs $4.99 per month and gives you full access to the premium service on a month-by-month basis. Obviously, paying for a year at a time will work out considerably cheaper, with savings of $21.89 in total.
Premium and mobile packages
Paid subscribers gain the benefit of the following features:
- Access to all of the Spotflux server locations in France – Paris, Germany – Frankfurt, Japan – Tokyo, Netherlands – Amsterdam, Singapore, UK – London, USA – New York, USA – Miami and USA – Silicon Valley.
- Mobile data compression to help save on bandwidth.
- No ads.
- Five simultaneous connections (On the premium account, not the cheaper mobile service where you get one).
- Enhanced privacy, including the ability to block tracking cookies and other internet spyware.
- Premium support (as opposed to virtually none).
- Free or very cheap
- No data limits
- Not terrible speeds (considering the cost)
- Five simultaneous connections (Premium)
- No ads (on Premium or Mobile versions)
- Scans for malware and blocks ads (on Premium and Mobile versions)
- Poor customer support
- Based in the US
- No P2P allowed
- 3rd party ads are delivered to users of the free service
- BBC iPlayer not available
- Connection logs kept
Peer to peer is sadly not permitted on Spotflux free, mobile, or premium versions of the service. From its website:
‘Unfortunately, we cannot support the use of Bittorrent (or similar P2P file sharing protocols) on our network due to its widespread abuse in violating copyright laws. Spotflux is a service designed to increase your privacy and security on the web but not a service to safe harbor online activity from nefarious or illegal acts.’
In addition, on the free version only your web browser data will be encrypted – other applications will also continue to use your regular connection.
Malware and advert blocking
One of the features that Spotflux boasts of is built in software that scans for malware and viruses (including malicious ads). That software, users are told, detects threats and eliminates them:
Spotflux also regularly updates its servers to scan for widespread malware such as DNSChanger. This is a reasonable feature that not all VPNs offer and can therefore be seen as something of a bonus of the service.
Tests to see if it did indeed block adverts showed that it was working successfully as an ad blocker.
Bandwidth saving compression technology
Although Spotflux makes a big deal about this feature, this is almost certainly LZO compression – which is standard fare for all the big names in the VPN business. As such, despite being a reasonable feature, it is nothing special in the slightest.
How does Spotflux monetize its service?
While on the paid mobile and premium versions of Spotflux you won’t be subjected to third party advertisements, that is sadly not the case using the free version.
Spotflux is registered to the US, which is the home of the NSA. When using any VPN registered in the US, privacy becomes an issue. One plus is that with the free Spotflux service it is possible to use the VPN without actually signing up with a name or email. This, however, falls apart entirely if you require any assistance – because even to send a support request you must register an email.
In order to run the service, when you download Spotflux the firm attaches a unique identifier to your machine. According to the firm, this is used ‘to diagnose system issues and respond to support requests’. However, as stated above, my experience was quite different, as I was not able to begin a support request without first attaching an email account to the service.
In addition to this, Spotflux does admit that it will create a file that is attached to your account that it keeps your emails in,
‘If a user sends us personal correspondence, such as emails or letters, we may collect such information into a file specific to such user for the purpose of assisting or communicating with that user.’
Spotflux goes on to describe its use of the unique identifier as follows:
‘The unique identifier is not used for tracking your internet browsing activities. When you log on to spotflux you are given a new and unique IP address within our internal network. This internal IP address is not unique to you and is not used for tracking your internet browsing activities.’
In conclusion, this is a VPN service that does hold some user data on record, including correspondence emails. Furthermore, some connection logs are kept by the company for internal use. Fortunately, no usage logs are kept by the company – so the details of what you have been doing online are kept private.
One option would be for users to start a disposable, anonymous, email account for liaising with Spotflux. That would enable you to stay in contact with their team without the need for exposing your real email account – and identity with it.
When it comes to security, Spotflux provides rather good encryption, even on the free version. With the free version, you get SSL128-bit encryption to ensure that all your browsing activities are secure. However, there is a reason not to start celebrating just yet. Despite the quality encryption levels, the free version of Spotflux only encrypts your web data of your Internet browser. The result is that any third-party apps you use are not secured with Spotflux.
The good news is that on the paid Mobile and Premium version this is not the case. Those versions of the service do encrypt all your internet activity, even if internet communication is happening via a separate app.
Further good news is that even on the free version of the service users are offered the following options: PPTP, OpenVPN and L2TP/IPSec.
It is probable that IPSec is used for the iOS app. Sadly, that is something I have been unable to confirm due to the fact that Spotflux has not answered my support queries other than to tell me to look at the ‘knowledge base’ section of their website.
In addition, because they haven’t been in touch I’m unable to inform you about details of the encryption used for OpenVPN connections. These include cipher size, handshake key encryption size, authentication method, or if there is Perfect Forward Secrecy in place.
The website looks pretty decent and is certainly not amateurish. On the whole, however, it serves as an advert for the service and does little to really explain the intricacies of how it works. It serves the function of attempting to hook users into downloading the service, rather than truly informing users about the levels of security that it provides.
Sadly, support for Spotflux is rather lacking. I signed up with my email address to be able to contact their support team, but sadly received only the following response (my emphasis added),
Despite checking on their support forum (knowledge base), and using the search feature, I was unable to get at the information that I wanted. This led me to a prompt telling me to contact their support team, which has been a fruitless exertion so far.
Live chat, however, is available to premium users who get much better treatment than free users (understandably). All in all, despite claiming to be available via Facebook, Twitter, and the ticket support system, we found this to be something of a lie if you are a free user – even if you give them your email address.
Downloading the Windows and Android versions of the Spotflux VPN software was easy and quick. What was particularly nice about the Windows client was the way it walked you through the installation process all the way through to completion.
The Spotflux Windows VPN Client
The Windows VPN client is pretty basic. Other than the premium features that you can see in the screenshot below, it has no features such as a kill switch or port forwarding etc. The bad news is that DNS leak protection does not appear to be built-in on the Windows client. WebRTC leaks were also detected. Truly poor on both accounts.
As you can see, the server options are located in the drop-down menu in the top left.
The Android version of Spotflux is kind on the eyes. Like the Windows version it has no extra features to speak of. The free version encrypts web browser traffic alone, whereas the paid versions allow all your apps to be secured with the VPN on your Android device (although do keep in mind that you cannot expect any level of anonymity when using mobile apps with any VPN).
When I tested for DNS leaks on the Android client, none were detected. This, at least, is better than on the Windows client. Sadly, however, WebRTC leaks were – once again – detected in the Android client.
Performance (Speed, DNS, WebRTC and IPv4 Tests)
Tests were performed using TestMy.net on a UK 50mbps/3mbps fiber connection. The results were pretty reasonable, with not a huge loss in performance overall. Some servers did perform better than others, as you can see, but overall I was impressed with this cheap service’s connection speeds.
The good news is that no IPv4 DNS leaks were detected in Android. Unfortunately, however, they were detected in Windows, and WebRTC leaks were found to be occurring in both clients. As such, if you do choose to use Spotflux you are well advised to fix that problem yourself. Sadly I was unable to test for IPv6 leaks as that connection is not available with my ISP.
Spotflux Review Conclusion
- Free service has no data limits
- Premium service is cheap
- No DNS leaks on Android (but WebRTC leaks)
- Protection against ads and malware (paid services)
- Bandwidth saving compression algorithm (paid services)
- Not bad on speeds (considering cost)
- 5 simultaneous connections (Premium only)
- No usage logs, but…
I wasn’t so sure about
- Connection logs
- Connection speeds were pretty uninspiring (though we have seen free services that are slower)
- Free version encrypts only web traffic in your browser (not 3rd party apps)
- US Netflix and BBC iPlayer blocked
- Customer support is non-existent for free users
- Encryption is almost certainly lacking (despite plenty of options)
- The US is terrible for privacy (home of NSA) and doesn’t mix well with a VPN firm that keeps logs
- DNS leaks in the Windows client
In conclusion, Spotflux is fine if you want to geo-spoof your location, bypass simple firewalls or access websites that are blocked. In addition, it will keep you secure on public WiFi hotspots. However, if true security is what you are after then you would be better off going elsewhere (to a high end, more costly VPN service). As is always the case with VPNs, you really do get what you pay for.